BotNet News

Your source for Online Security News

Ransomware is malware that infects computers, encrypts files and then demands payment from victims to regain access to those files. The malware typically targets businesses, hospitals and health care systems, local governments, schools and school districts and even individual consumers. This year, attacks on the Colonial Pipeline, the major meatpacker JBS and the Steamship Authority, to name just a few, have made headlines and demonstrated that no organization is safe from ransomware attackers.

Cybercriminals behind ransomware attacks are constantly evolving their attack tactics. They are also getting more sophisticated in their approach to extortion. For example, they are targeting companies with a history of prior security incidents to leverage their insider knowledge of the company’s vulnerability. This has proven to be a successful strategy.

One of the most common infection vectors is unsecured remote-desktop services, which allow an attacker to log in to an internal network from anywhere. The attacker can then download the malicious payload, enabling them to infect computers across the enterprise.
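One way to check your own perimeter for this exposure, as an added example that is not part of the original article: the script below audits inbound firewall rules and flags any that let untrusted sources reach Remote Desktop on its default port, TCP 3389. The rule format, the sample rules and the list of trusted networks are constructed assumptions; adapt them to your firewall's export.

```python
import ipaddress

RDP_PORT = 3389  # default Remote Desktop Protocol port (TCP)

# Assumption: networks you consider internal (RFC 1918 ranges and IPv6 ULA).
TRUSTED = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample inbound rules in a hypothetical export format.
SAMPLE_RULES = [
    {"name": "web", "proto": "tcp", "ports": "443", "source": "0.0.0.0/0", "action": "allow"},
    {"name": "rdp-any", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0", "action": "allow"},
    {"name": "rdp-vpn", "proto": "tcp", "ports": "3389", "source": "10.8.0.0/24", "action": "allow"},
    {"name": "wide-range", "proto": "tcp", "ports": "3000-4000", "source": "203.0.113.0/24", "action": "allow"},
    {"name": "allow-all-v6", "proto": "any", "ports": "any", "source": "::/0", "action": "allow"},
    {"name": "rdp-deny", "proto": "tcp", "ports": "3389", "source": "0.0.0.0/0", "action": "deny"},
]

def covers_rdp(ports):
    """True if a port spec such as '3389', '80,443', '3000-4000' or 'any' includes 3389."""
    if ports == "any":
        return True
    for part in ports.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= RDP_PORT <= int(hi or lo):
            return True
    return False

def is_trusted(source):
    """True if the source CIDR lies entirely inside one of the TRUSTED networks."""
    net = ipaddress.ip_network(source, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED)

def exposed_rdp_rules(rules):
    """Names of allow rules that let untrusted sources reach TCP 3389.

    Rule ordering (an earlier deny overriding a later allow) is not modelled,
    so treat each finding as a rule to review by hand.
    """
    findings = []
    for r in rules:
        if r["action"] != "allow" or r["proto"] not in ("tcp", "any"):
            continue
        if covers_rdp(r["ports"]) and not is_trusted(r["source"]):
            findings.append(r["name"])
    return findings

if __name__ == "__main__":
    print(exposed_rdp_rules(SAMPLE_RULES))
```

Wide port ranges and "allow all" rules are flagged as well, since they expose 3389 even though the rule never names Remote Desktop.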

Often, the first signs of ransomware are abnormally high CPU or hard drive usage, which can signal that an organization’s data is being held hostage. If you suspect your computers are infected, the first thing to do is quarantine the affected machine. This will help prevent the malware from spreading to other machines and will limit its ability to communicate with command-and-control systems. The next step is to create backups of any encrypted files, as restoring those files may not require paying the ransom. Finally, be sure to report the attack to your supervisor and to whatever entity you report cybersecurity issues to at work.